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DETAILED ACTION 

1 . Claims 39-40, 44-47, 49-57, 59-62, 64-65, 67 and 71 -74 Pending. 
Claims 1-38, 41-43, 48, 58, 63, 66, and 68-70 Canceled. 

Continued Examination Under 37 CFR 1.114 

2. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1 .17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
4/10/2009 has been entered. 

Response to Arguments 

3. Applicant's arguments filed 12/01/2008 have been fully considered but they are 
not persuasive. 

As per Applicants arguments asserting that Elsey fails to disclose the limitation 
that the system is "configured to deny access to at least one other virtual database 
when the user has the access authorization to the first virtual database", Examiner 
agrees, but respectfully notes that the newly cited reference of Sandhu et al. ("The nist 

model for role-based access control: towards a unified standard", Proceedings of the fifth ACM workshop 
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on Role-based access control, pgs. 47-63, 2000, ACM and referred to hereinafter as Sandhu) clearly 

discloses this limitation. 

As per Applicants arguments regarding the limitation requiring the user to be in 
communication with a customer of a first tenant, Examiner respectfully disagrees. 
Examiner asserts, as asserted in the previous office action in regard to Claims 71-74 
that the newly introduces limitations are disclosed in the art of Thomas. The disclosure 
of Thomas on Page 18, Column 1 , clearly indicates that roles in a role based access 
control system are changed in response to events (e.g. the transfer of a patient), that 
these role transfer operations may be done on a group or user based granularity, and 
that the role transfer operations may be automated to occur automatically in response to 
changes in the host information system. Examiner asserts that this disclosure is 
sufficient, when taken in combination with the disclosure of Elsey, to allow the system of 
Elsey to grant the access and temporary role to a user for the duration of a live 
communication/telephone call between the user and a customer. 

As per the above arguments the rejection will be updated to reflect amendments 
made to the claims and maintained. 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 
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(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

5. Claims 39-40, 44-47, 49-57, 59-62, 64-65, 67 and 71 -74 rejected under 35 
U.S.C. 103(a) as being unpatentable over Elsey et al. (U.S. 6,870,921 B1) in view of 
Thomas ("Team-based access control (TMAC): a primitive for applying role-based access controls in 
collaborative environments", Proceedings of the second ACM workshop on Role-based access control; 
Pgs. 13-19; 1997; ACM) and in view Of Sandhu ("The NIST model for role-based access control: 
towards a unified standard", Proceedings of the fifth ACM workshop on Role-based access control, Pgs. 
47-63, 2000, ACM). 

As per Claim 39, Elsey discloses a database system comprising: a partitionable 
database, wherein the partitionable database is partitioned into a plurality of virtual 
databases (column 2, lines 16-17), each virtual database of the plurality of virtual databases 

comprises a plurality Of files (column 4, lines 2-3, wherein "virtual database" could mean "private 
directory", Examiner notes that directories hold files of distinct information.), each virtual database Of 

the plurality of virtual databases corresponds to a tenant of the partitionable database, 
and for each tenant of the partitionable database, a partitioned virtual database for the 
tenant comprises stored files associated with the tenant (column 4, lines 9-16); and an 
access control subsystem (column 4, lines 16-22), wherein the access control subsystem is 
coupled to the virtual databases (column 4, lines 16- 22), the access control subsystem is 
configured to provide access to a user, the access provided to the user is to files in a 
first virtual database, the first virtual database is among the plurality of virtual 
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databases, the access control subsystem is configured to provide the access to the user 
only when the user has access authorization to the first virtual database from a first 
tenant corresponding to the first virtual database (column 4, lines 16-22). 

Elsey fails to disclose the access authorization is based at least in part on the 
whether the user is in communication with a customer of the first tenant, the access 
control subsystem is configured to deny access to at least one other virtual database 
when the user has the access authorization to the first virtual database, and the at least 
one other virtual database comprises one or more of the virtual databases other than 
the first virtual database. 

Thomas discloses the access authorization is based at least in part on the 
whether the user is in communication with a customer of the first tenant (Page 18, Column 
1 , wherein the permissions may be deactivated at the end of a workflow instance.). 

It would have been obvious to one skilled in the art at the time of Applicants 
invention to modify the teachings of Elsey with the teachings of Thomas to include the 
access authorization is based at least in part on the whether the user is in 
communication with a customer of the first tenant with the motivation to distinguish the 
passive concept of permission assignment from the active concept of context-based 
permission activation (Thomas, Abstract). 

Sandhu discloses the access control subsystem is configured to deny access to 
at least one other virtual database when the user has the access authorization to the 
first virtual database, and the at least one other virtual database comprises one or more 
of the virtual databases other than the first virtual database (Section 5.1 clearly discloses 
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static separation of duties which is used to prevents a user from being authorized for one role (e.g. a role 
allowing for access to at least one other virtual database) based on the user being authorized for a 
current role (e.g. a role allowing access to the first virtual database).). 

It would have been obvious to one skilled in the art at the time of Applicants 
invention to modify the teachings of Elsey with the teachings of Sandhu to include the 
access control subsystem is configured to deny access to at least one other virtual 
database when the user has the access authorization to the first virtual database, and 
the at least one other virtual database comprises one or more of the virtual databases 
other than the first virtual database with the motivation of preventing conflicts of interest 
in a role based system (Sandhu, Section 5.1) 

As per Claim 40, Elsey discloses the virtual databases are disjoint from one 

another (column 4, lines 9-16, wherein the information stored may contain different elements). 

As per Claim 44, Elsey discloses the access control subsystem is configured to 
provide access authorization to the user for a particular file in the first virtual database 
based on initiation of a database call through an associated computer telephony 
integration (CTI) system by the customer of the first tenant (column 5, lines 20-22). 

As per Claim 45, Elsey discloses an operator of the partitionable database 
provides a common call center service to customers of tenants of the partitionable 
database on behalf of the tenants (column 10, lines 20-26). 



Application/Control Number: 10/743,214 Page 7 

Art Unit: 2165 

As per Claim 46, Elsey discloses a method comprising: granting an access 
authorization to a user of a partitionable database (column 4, lines 2-4, 16-22), wherein the 
partitionable database comprises a plurality of virtual databases (column 4-iines 2-3), each 
virtual database of the plurality of virtual databases comprises a plurality of files (column 

4, lines 2-3, wherein "virtual database" could mean "private directory", Examiner notes that directories 

hold files of distinct information.), each virtual database of the plurality of virtual databases 
has a unique database owner (column 5, lines 21-22), the access authorization relates to a 
first virtual database of the plurality of virtual databases (column 4, lines 16- 22), providing 
to the user access to a file of the files in the first virtual database while the user has the 
access authorization (column 4, lines 16- 22). 

Elsey fails to disclose the access authorization is based at least in part on 
whether the user is in communication with a customer of the database owner of the first 
virtual database; and denying to the user access to a plurality of excluded files while the 
user has the access authorization, wherein the excluded files comprise files in the 
virtual databases other than the first virtual database. 

Thomas discloses the access authorization is based at least in part on whether 
the user is in communication with a customer of the database owner of the first virtual 
database (Page 18, Column 1, wherein the permissions may be deactivated at the end of a workflow 
instance.). 

It would have been obvious to one skilled in the art at the time of Applicants 
invention to modify the teachings of Elsey with the teachings of Thomas to include the 
access authorization is based at least in part on whether the user is in communication 
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with a customer of the database owner of the first virtual database with the motivation to 
distinguish the passive concept of permission assignment from the active concept of 
context-based permission activation (Thomas, Abstract). 

Sandhu discloses denying to the user access to a plurality of excluded files while 
the user has the access authorization, wherein the excluded files comprise files in the 
virtual databases other than the first virtual database (Section 5.1 clearly discloses static 

separation of duties which is used to prevents a user from being authorized for one role (e.g. a role 
allowing for access to at least one other virtual database) based on the user being authorized for a 
current role (e.g. a role allowing access to the first virtual database).). 

It would have been obvious to one skilled in the art at the time of Applicants 
invention to modify the teachings of Elsey with the teachings of Sandhu to include 
denying to the user access to a plurality of excluded files while the user has the access 
authorization, wherein the excluded files comprise files in the virtual databases other 
than the first virtual database with the motivation of preventing conflicts of interest in a 
role based system (Sandhu, Section 5.1) 

As per Claim 47, Elsey discloses the virtual databases are disjoint virtual 

databases (column 4, lines 9-16, wherein the information stored may contain different elements). 

As per Claim 49, Elsey discloses the user needs an authorization from an owner 
of a file within the first virtual database to access that file, the method comprising: 
providing access to the file to the user after the owner of the file grants the authorization 
to access that file (column 4, lines 11-16; column 4, lines 19-24; column 4, lines 30-33). 
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As per Claim 50, Elsey discloses before the providing of the access to the file, 
receiving access authorization to the file for the user from the owner of the file (column 4, 
lines 16-22; column 4, lines 30-33). 

As per Claim 51 , Elsey discloses the receiving of the access authorization to the 
file comprises initiation, by the customer, of a database call to the user through an 
associated computer telephony integration (CTI) system (column 4, lines 38-59). 

As per Claim 52, Elsey discloses the partitionable database comprises a multi- 
tenant database having a plurality of tenants, each tenant of the tenants being an owner 
of a separate virtual database, at least two of the tenants utilizing a common call center 

service (column 4, lines 2-3; column 4, lines 9-12; column 4, lines 26-28; column 4, lines 38-51). 

As per Claim 53, Elsey discloses the partitionable database stores a plurality of 
files that are each associated with one of a plurality of unique database owners such 
that the virtual databases each comprise stored files associated with the corresponding 

owner Of the virtual database (column 4, lines 2-3; column 4, lines 9-16). 

As per Claim 54, Elsey discloses the partitionable database is operated by a 
database operator on behalf of the owners of the virtual databases as tenants of the 
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partitionable database (column 2, lines 20-25; column 4, lines 46-47, wherein the subscriber needs a 
service that is operated by an operator). 

As per Claim 55, Elsey discloses each of the tenants lease capacity of the 
partitionable database from the database operator (column 4, lines 36- 38, wherein the 

subscriber or tenant needs a service that is operated by an operator). 

As per Claim 56, Elsey discloses the granting the access authorization to the 
user for database is initiated by a telephone call from the customer through a computer 
telephony integration (CTI) system (column 4, lines 38-44). 

As per Claim 57, Elsey discloses the user is a representative of an organization 
providing a service to the owner of the first virtual database (column 4, lines 30-33). 

As per Claim 59, Elsey discloses the access provided to the user is temporary 
access limited to a duration of the telephone call (column 5, line 32; column 5, line 56; wherein 
the "duration" is the time between log in and log out). 

As per Claim 60, Elsey discloses the telephone call is made regarding the file, 
the method comprising: automatically providing access to the user to other files in the 
first virtual database based on the telephone call (column 10, lines 20-25; column 10, lines 35- 

37). 
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As per Claim 61 , Elsey discloses the computer telephony integration (CTI) 
system is part of a call center service common to the owners of the virtual databases 

(column 4, lines 38-44; column 10, lines 20-26). 

As per Claim 62, Elsey discloses the providing the access is based at least in 
part on the user receiving the telephone call via the CTI system (column 4, lines 38-44). 

As per Claim 64, Elsey discloses a method comprising: setting access privileges 
for a multi-tenant database (column 4, lines 2-4, 16-22), wherein the multi-tenant database 
comprises a partitionable database (column 4, lines 2-3), the partitionable database 

comprises a plurality Of virtual databases (column 4, lines 2-4, wherein "virtual database" could 
mean "private directory"; column 4, lines 9- 16), each of the virtual databases has an owner 
tenant among tenants of the multi- tenant database (column 5, lines 21-22), each of the 
virtual databases comprises multiple associated groups of data groups (column 4, lines 9- 
11), the setting the access privileges for the multi-tenant database comprises setting 
access privileges for the data groups in each of the virtual databases (column 4, lines 16- 
18; column 4, lines 28-35), and for each of multiple requests by a user to data groups in the 
virtual databases (column 4, lines 31-32), determining whether to grant access to the user 
for a requested data group based at least in part on a relationship of the user to an 
owner tenant of the virtual database that comprises the requested data group column 2, 
lines 45-47; column 4, lines 19-20; column 4, lines 28-35); when the relationship of the user to the 
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owner tenant is determined to be an employee relationship, granting access to the user 
for the requested data group (column 4, lines 28-35). 

Elsey fails to disclose when the relationship of the user to the owner tenant is not 
determined to be an employee relationship, granting temporary access to the user for 
the requested data group only during a time when the user is in communication with a 
customer of the owner tenant, and when the relationship of the user to the owner 
tenant is not determined to be an employee relationship, denying access to the user for 
at least one other data group during the time when the user is in communication with 
the customer of the owner tenant, and the at least one other data group comprises one 
or more of the data groups other than the requested data group. 

Thomas discloses when the relationship of the user to the owner tenant is not 
determined to be an employee relationship, granting temporary access to the user for 
the requested data group only during a time when the user is in communication with a 
Customer Of the owner tenant (Page 18, Column 1 , wherein the permissions may be deactivated at 
the end of a workflow instance.). 

It would have been obvious to one skilled in the art at the time of Applicants 
invention to modify the teachings of Elsey with the teachings of Thomas to include when 
the relationship of the user to the owner tenant is not determined to be an employee 
relationship, granting temporary access to the user for the requested data group only 
during a time when the user is in communication with a customer of the owner tenant 
with the motivation to distinguish the passive concept of permission assignment from 
the active concept of context-based permission activation (Thomas, Abstract). 
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Sandhu discloses when the relationship of the user to the owner tenant is not 
determined to be an employee relationship, denying access to the user for at least one 
other data group during the time when the user is in communication with the customer 
of the owner tenant, and the at least one other data group comprises one or more of the 

data groups Other than the requested data group (Section 5.1 clearly discloses static separation 
of duties which is used to prevents a user from being authorized for one role (e.g. a role allowing for 
access to at least one other data group) based on the user being authorized for a current role (e.g. a role 
allowing access to the first data group).). 

It would have been obvious to one skilled in the art at the time of Applicants 
invention to modify the teachings of Elsey with the teachings of Sandhu to include when 
the relationship of the user to the owner tenant is not determined to be an employee 
relationship, denying access to the user for at least one other data group during the time 
when the user is in communication with the customer of the owner tenant, and the at 
least one other data group comprises one or more of the data groups other than the 
requested data group with the motivation of preventing conflicts of interest in a role 
based system (Sandhu, Section 5.1) 

As per Claim 65, Elsey discloses each of the data groups is a file stored in the 
multi-tenant database (column 4, lines 2-3). 

As per Claim 67, Elsey discloses at least a first subset of the requests for data 
groups by users are received for users that are user representatives of a database 
operator; each request in the first subset of the requests is based on a contact to a user 
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representative, the users that the contact is initiated by a tenant that owns a virtual 
database associated with the requested data group, and the access authorization for 
the user representative is determined to have been provided by the owner tenant based 
on the contact initiated by the tenant (column 4, lines 16-22; column 4, lines 28-33). 

As per Claim 71 , Elsey fails to disclose the temporary access granted to the user 
is limited to a duration of a live verbal communication between the user and the 
customer of the owner tenant. 

Thomas discloses the temporary access granted to the user is limited to a 
duration of a live verbal communication between the user and the customer of the 
Owner tenant (Page 18, Column 1, wherein the permissions may be deactivated at the end of a 
workflow instance.). 

It would have been obvious to one skilled in the art at the time of Applicants 
invention to modify the teachings of Elsey with the teachings of Thomas to include the 
temporary access granted to the user is limited to a duration of a live verbal 
communication between the user and the customer of the owner tenant with the 
motivation to distinguish the passive concept of permission assignment from the active 
concept of context-based permission activation (Thomas, Abstract). 

As per Claim 72, Elsey fails to disclose the temporary access granted to the user 
is limited to a duration of a telephone call between the user and the customer of the 
owner tenant. 
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Thomas discloses the temporary access granted to the user is limited to a 
duration of a telephone call between the user and the customer of the owner tenant 

(Page 18, Column 1, wherein the permissions may be deactivated at the end of a workflow instance.). 

It would have been obvious to one skilled in the art at the time of Applicants 
invention to modify the teachings of Elsey with the teachings of Thomas to include the 
temporary access granted to the user is limited to a duration of a telephone call 
between the user and the customer of the owner tenant with the motivation to 
distinguish the passive concept of permission assignment from the active concept of 
context-based permission activation (Thomas, Abstract). 

As per Claim 73, Elsey fails to disclose the temporary access granted to the user 
is limited to a duration of a live verbal communication between the user and the 
customer of the first tenant. 

Thomas discloses the temporary access granted to the user is limited to a 
duration of a live verbal communication between the user and the customer of the first 
tenant (Page 18, Column 1, wherein the permissions may be deactivated at the end of a workflow 
instance.). 

It would have been obvious to one skilled in the art at the time of Applicants 
invention to modify the teachings of Elsey with the teachings of Thomas to include the 
temporary access granted to the user is limited to a duration of a live verbal 
communication between the user and the customer of the first tenant with the motivation 
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to distinguish the passive concept of permission assignment from the active concept of 
context-based permission activation (Thomas, Abstract). 

As per Claim 74, Elsey fails to disclose the temporary access granted to the user 
is limited to a duration of a live verbal communication between the user and the 
customer. 

Thomas discloses the temporary access granted to the user is limited to a 
duration of a live verbal communication between the user and the customer (Page 18, 

Column 1, wherein the permissions may be deactivated at the end of a workflow instance.). 

It would have been obvious to one skilled in the art at the time of Applicants 
invention to modify the teachings of Elsey with the teachings of Thomas to include the 
temporary access granted to the user is limited to a duration of a live verbal 
communication between the user and the customer with the motivation to distinguish 
the passive concept of permission assignment from the active concept of context-based 
permission activation (Thomas, Abstract). 

Points of Contact 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Michael J. Hicks whose telephone number is (571) 272- 
2670. The examiner can normally be reached on Monday - Friday 9:00a - 5:30p. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Neveen Abel-Jalil can be reached at (571)272-4074. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Michael J Hicks 
Art Unit 2165 
Phone: (571)272-2670 
Fax: (571)273-2670 

/Neveen Abel-Jalil/ 

Supervisory Patent Examiner, Art Unit 2165 



